Create a VPN connection in Windows Vista and Windows Server 2008

You can use this procedure to create a VPN connection to a remote network. A VPN connection is a method for allowing a computer to access a secured remote network by using a non-secure network, such as the Internet, that lies between them.

Any user account can be used to complete this procedure. Review the details in "Additional considerations" in this topic.

On the Choose a connection option page, click Set up a virtual private network (VPN) connection, and then click Next.

On the How do you want to connect page, click Use my Internet Connection (VPN).

In the Internet address text box, type the host name, IPv4 address, or IPv6 address of the remote VPN server.

In the Destination name text box, type the name for this connection that you want displayed in Network and Sharing Center.

If the remote VPN host supports smart card authentication, then select Use a smart card.

If this connection can be used by any user on this computer, then select Allow other people to use this connection.

If you do not want to connect right now, then select Don't connect now; just set it up so I can connect later. If you leave this check box unselected, then the computer attempts to complete the connection as soon as you finish configuring the connection.

Click Next.

In the User name, Password, and Domain text boxes, enter the credentials that grant you access to the remote network.

If you want the computer to remember these credentials and for each time you connect, then select Remember this password.

Windows saves your network configuration so that it is available for use from the Connect to menu.

Click Next.

One of the following results occur:

If you did select the Don't connect now check box, then Windows displays a page that indicates that your connection is ready to use. You can use the connection by clicking the Connect to my workplace now link, or click Close.

If you did not select the Don't connect now check box, then Windows immediately attempts to connect to the network.

VPN connections are blocked by default by many software and hardware firewall products. Make sure that any firewall software you run on this computer is configured to allow VPN connections. Also, configure any firewall components on your network to allow VPN traffic to pass through. For more information, see the documentation provided with your firewall software or hardware device.

To make the connection available to all users, you must be logged on as a member of the Administrators group or the Network Configuration Operators group.

You can create multiple VPN connections by copying them in the Network Connections folder. You can then rename the connections and modify connection settings. By doing so, you can easily create different connections to accommodate multiple hosts, security options, and so on. For more information, see Create a copy of a network connection and Rename a network connection.

Creating a VPN connection over a dial-up or PPPoE connection involves creating the dial-up or PPPoE connection and VPN connection separately, and then configuring the VPN connection to use the dial-up or PPPoE connection instead of the Internet.

When you follow this procedure, you still have two connections listed in the Network Connections folder, but you only have to start the VPN connection. Windows starts the dial-up or PPPoE connection for you first, and then establishes the VPN connection in addition to the dial-up or PPPoE connection.

You might want to consider naming your VPN connection in a way that indicates to you that it will start a dial-up or PPPoE connection.